On Sun, 2006-10-01 at 16:49 +0200, Frederic Peters wrote:
> Package: ftp.debian.org
> 
> Hi Moritz, hi Ondrej, hi ftp-masters,
> 
> Ondrej, ftp-master: this is discussion about removing the pdftohtml I
> maintain since poppler builds a functional equivalent as part of
> poppler-utils package.
> 
> It is triggered by Moritz wrt regular xpdf security issues (pdftohtml
> embeds a copy of xpdf code).
> 
> I wrote:
> 
> > > Sorry I forgot to answer you.  I had a look at poppler-utils pdftohtml
> > > (from experimental) and the only difference is in the unit used for
> > > dimensions and coordinates; this is only about XML output.
> > > 
> > > This bugged me since I would have to update my scripts but I believe
> > > this is minor with regards to security benefits we gain using a single
> > > code base.
> > > 
> > > So I would say you could create a transitional pdftohtml package from
> > > poppler-utils and request removal of pdftohtml.  Perhaps a NEWS.Debian
> > > is appropriate for this transitional package, with a note about unit
> > > change.
> 
> And Moritz answered:
> 
> > As you're listed as maintainer and I'm busy with Security work, could
> > you prepare that before Etch freeze? Otherwise we could make it RC and
> > have it fixed as part of one of the BSPs.
> 
> Request filed against ftp.debian.org.
> 
> Ondrej: once pdftohtml is removed, would you be building a transitional
> pdftohtml package with the appropriate NEWS.Debian?  I obviously can
> prepare an NMU if you want.

I am waiting for poppler-data to propagate through testing.  I will
upload poppler 0.5.x to unstable then.  I think it would be better to
prepare dummy transitional package from pdftohtml package, so poppler is
not stuck in NEW, we can get rid of pdftohtml source package after etch
is out.  What do you think?

Ondrej.
-- 
Ondřej Surý <[EMAIL PROTECTED]>                         http://blog.rfc1925.org/
